Mumbai 'cyberattack' puts focus on the need for greater security

India Inc leaders said they are taking sufficient action and investing in technology to prevent such attacks, especially since work-from-home became a norm

A reported cyberattack on Indian electricity utilities, which shut Mumbai down last October, has caused concern among top Indian companies with cyber experts saying the country needs to invest additional resources to strengthen its IT systems.

According to a New York Times report, a Chinese government-backed cyber hack was behind the Mumbai power outage, which was meant to send a message to the Indian government at the height of tension between the two countries in Ladakh. Neither Indian nor Chinese governments have reacted to the news report.

India Inc leaders, meanwhile, said they are taking sufficient action and investing in technology to prevent such attacks, especially since work-from-home became a norm. ''There were several attacks on utility companies last year. But we had taken enough precautions,'' said the CEO of a Mumbai-based power company.  

Kumar Ritesh, founder and CEO of cyber security firm CYFIRMA, said they have observed a 210 per cent year-on-year increase in cyberattacks against Indian businesses and a 250 per cent increase in attacks targeting Indian government agencies and critical infrastructure since February last year.

For the past few years, India has been among the top most targeted countries. "In India, 36 million brute-force attacks were detected on remote desktop protocols (RDPs) between January and November 2020. India and Australia were also the two most targeted countries in the APAC region when we talk about ransomware attacks,” said Saurabh Sharma, senior security researcher (GReAT), Kaspersky (APAC). “Advanced persistent threats, or APT, groups are usually linked to state-sponsored attacks. In most cases, these attacks are carried out to gain access to sensitive data or create chaos in a specific region. Such attacks usually rise during tensions between two countries at their borders. India has definitely seen a rise in these attacks during the last year.”

Experts say some reasons India is seeing an increase in data breaches are remote working, rise in digital powerhouses, geopolitical tensions, and low cybersecurity maturity among businesses.

India is a highly attractive target for cyber criminals given the increasing number of unicorn start-ups and powerhouses. These born-in-the-cloud digital businesses hold massive amounts of data ranging from personal and financial information to user behavioural data. ''Hackers who can successfully breach the perimeters of these companies could gain access to a treasure trove of data that can fetch handsome returns in dark web marketplaces,'' Ritesh said.

‘’We have noticed state-sponsored and financially motivated hackers are particularly keen on Indian government agencies and Indian companies. Our research showed the suspected threat actors were mainly sponsored by China, Pakistan and North Korea. The hackers’ objectives were centred around smearing India’s reputation, causing productivity loss, creating operational damage and seeking financial gains,’’ he added.

Indian companies have low cybersecurity maturity and a traditional approach towards IT projects where resources are focused on building digital systems. Cybersecurity requirements are often an afterthought. This presents profound challenges with action being taken usually after a data breach or cyberattack.

The situation is compounded by the fact that over 46 per cent of commercial businesses are operating on traditional legacy systems. These are aged technologies that are no longer supported by their vendors, and they present cybersecurity gaps, loopholes and vulnerabilities that hackers can exploit to gain entry to corporate networks.

''In the Indian context, critical infrastructures are highly vulnerable as we have witnessed many software applications and operating systems displaying cybersecurity weaknesses,” Ritesh said, adding, “There are many cases of exposed databases, and confidential processes and files being publicly accessible. Cybersecurity awareness in these critical infrastructure sectors needs to be elevated.''

To prevent such attacks, experts said, India needs a holistic approach involving government, police and businesses. 

"The utility sector and public sector undertakings in general need to get into deploying the latest technology to deal with such threats. The confluence of operational technology and IT systems is important to tackle such attacks," said a security expert, requesting anonymity.

“To fight cyber-crime effectively, cyber-intelligence sharing amongst players operating within a specific industry or across multiple industries needs to take place,” Ritesh said. “This can create a common repository of known threats, malware, tactics, techniques, and procedures, giving organisations additional ammunition to mount more effective defence strategies.”

India also lacks a cohesive nationwide cyber-strategy, policies and procedures. Regulations around data privacy, protection and penalty should be enacted and enforced as these measures will help businesses evaluate their cybersecurity posture and seek ways to improve, experts said. Currently, incident reporting is not mandatory. If it is made so, there will be a body of research data that can provide insights on threats to India and inform the government on strategies it can undertake to strengthen the nation’s cyber posture.